How to encrypt your cloud storage for free

If you want something done right, you need to do it yourself. That may sound like a trite cliche, but the maxim rings true when it comes to securing files that you've stored online: A handful of recent incidents--including breaches of Dropbox and iCloud--underscores the fact that even with built-in encryption and SSL transfers, cloud storage providers can't perfectly ensure the sanctity of your data.

Luckily, however, you can take cloud security into your own hands.

A few different tools can help safeguard the privacy of your data when you store it on a remote server. One of our favorites is BoxCryptor, an easy-to-use encryption program that works with all the popular cloud services, is free to use (though you can pay for upgrades), and can help keep your data safe.

BoxCryptor is basically a virtual hard disk that encrypts files on the fly using 256-bit AES encryption. Unlike TrueCrypt, another popular on-the-fly encryption tool, BoxCryptor encrypts individual files, not an entire volume or container. That means that your BoxCryptor-encrypted files sync with your cloud storage service immediately after you save them, whereas with TrueCrypt syncing occurs only after you finish encrypting an entire volume.

BoxCryptor works by encrypting and decrypting your files locally, and doesn't transmit your password to any third parties. In other words, your files will remain unreadable to outsiders even if hackers manage to steal your password, or otherwise breach the defenses of your cloud storage provider.

Setting up BoxCryptor is fairly painless, but the service does have a few nuances that could throw you for a loop. I'll get into those after discussing the differences between the various BoxCryptor offerings and showing how to get the encryption software up and running.

Which version of BoxCryptor is right for you?

BoxCryptor comes in three versions: one that's free, an Unlimited Personal version that costs $40 and an Unlimited Business version that costs $100. Free Android and iPhone apps are also available.

The free version should work just fine for many people. It lets you operate a single virtual hard disk for encrypting/decrypting files (more on how to do that later). Upgrading to the Unlimited Personal version enables multiple virtual drives that allow you to access several encrypted folders simultaneously; it also lets you encrypt file names, not just file contents. The Business license is the same as the Unlimited Personal license, but includes a legal clause that allows you to use it in the workplace.

Installing BoxCryptor

The first step in setting up BoxCryptor is simply figuring out how to download the right program from the BoxCryptor website. The row of gray icons at the top of the download page looks like a simple informative image, but you'll actually need to click on the icon of your operating system to snag the installation file.

Once you have it, you'll need to double-click the file to start the installation wizard, then choose Create a new BoxCryptor folder. The next screen will ask you to choose a location for the encrypted folder. The destination can be an offline local folder, but the big draw for BoxCryptor is that it works with any cloud storage service that creates a local directory on your PC, such as the desktop clients for Dropbox, Google Drive, SkyDrive or Sugar Sync. Most cloud storage services create a local directory in C:/Users/*UserName by default. After you choose the destination folder, enter a name for the BoxCryptor folder that you're creating.

Next, you'll need to choose a drive letter designation for the virtual disk. Be sure to pick one that isn't already being used. (I chose S: for SkyDrive.) Finally, create a password, and you're good to go. I strongly recommended creating a backup of your BoxCryptor configuration file when prompted, since you'll lose the ability to descramble your data if you accidentally delete the config file and don't have a spare handy.

Reboot your PC after closing the wizard to complete the installation process. The virtual drive will appear alongside your physical drives when the computer restarts.

Using BoxCryptor

Here's the tricky part: You can't just drag files into the BoxCryptor.bc folder that the software creates in your cloud storage directory. If you do that, the files won't be encrypted. Instead, you'll need to deposit your files directly into BoxCryptor's virtual drive--S: in my case. Doing so will also make them appear in your cloud storage folder in encrypted form.

Similarly, the only way to unencrypt your files is to withdraw them via the same virtual drive. If you try to snag your files directly through the BoxCryptor.bc folder they'll still be encrypted and you won't be able to read them.

This regimen makes accessing your files on the road a bit of a hassle, but even the free version of BoxCryptor allows users to access cloud-stored encrypted folders, assuming you have both BoxCryptor and your cloud service's desktop client installed on your PC. BoxCryptor also offers an Android app that lets you access your encrypted SkyDrive, Google Drive, and Dropbox files after you enter your BoxCryptor password. An iOS app is available, but it works only with Dropbox.

Since all the encryption and decryption action happens on BoxCryptor's virtual drive, you'll likely have no reason ever to wander into the BoxCryptor.bc folder stored in your cloud drive. If you do, however, be very, very careful not to move or delete the encfs6.xml file. That's the configuration key needed to decrypt your files. If you move or delete it, you will be unable to decrypt your files.

Maintaining multiple encrypted drives for free

Anyone who purchases BoxCryptor Unlimited has the ability to run multiple BoxCryptor virtual drives simultaneously, but free users are limited to a single virtual drive. Does that mean you can encrypt or decrypt files at only a single cloud storage service or offline location? Not at all. It simply means that you can have only a single virtual drive operating at a given time. Basically, you can create several encrypted folders, but you can encrypt or decrypt files for only one at a time.

To create another encrypted folder in a second location, right-click on the BoxCryptor icon in your system tray and select Preferences. Next, enter Advanced Mode--ignoring the warning displayed by the program--and click on the icon for your encrypted virtual disk. The Remove option will turn red and become active; click on it. Poof! Your drive disappears from the list. Don't worry, the actual files (and their encryption key) weren't deleted.

Now, click on the New icon. The installation wizard will pop back up. This time, create another encrypted folder for a different cloud service or offline folder than you did originally. For example, I created an encrypted folder in my Dropbox account to complement the BoxCryptor folder I'd already created in my SkyDrive one. Finish up the creation process as you did before, creating a password and selecting a virtual drive designation. Advanced options will pop up during the process, but you don't have to worry about those unless you're curious about the software's niche uses. Bonus: You don't have to reboot the second (or third, or fourth, or...x) time you create a BoxCryptor folder.

When you're done, a BoxCryptor.bc folder appears in the new location, and a BoxCryptor virtual drive appears on your computer, just as before. Utilize this second encrypted folder the same way you did your first one, by adding and removing files via the virtual drive, not the BoxCryptor.bc folder itself.

But what if you need to access or add a file in the encrypted folder you created the first time around? That virtual drive--but not the folder itself--disappeared when you removed it from the BoxCryptor list to create your second encrypted folder. Fear not: It's easy to connect back to your previously created BoxCryptor folders.

First, Remove your current virtual drive in the Advanced Mode as you did before, but this time, click Add rather than New when you're done. You'll be asked to choose the location of a BoxCryptor folder; select your originally created BoxCryptor.bc destination. (In SkyDrive, in my case.) Next, choose a letter for the virtual drive you're creating, ignore the advanced options, and enter your password for the encrypted folder when prompted. Bam! A virtual drive connected to your original BoxCryptor folder appears on your computer, allowing you to encrypt and decrypt your files to your heart's content.

Deselecting and reactivating virtual drives in order to jump between multiple encrypted folders gets the job done, but running through the reactivation process over and over again gets very tedious if you bounce between multiple services on a regular basis. If you want to maintain several encrypted folders and plan on using them often, I highly recommend upgrading to the $40 Unlimited Personal license--both to cut back on the headache and to support the developers of this excellent piece of software.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Brad Chacos

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place